Mercurial > hg > nginx

changeset 5022:1d819608ad4a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: avoid calling SSL_write() with zero data size. According to documentation, calling SSL_write() with num=0 bytes to be sent results in undefined behavior. We don't currently call ngx_ssl_send_chain() with empty chain and buffer. This check handles the case of a chain with total data size that is a multiple of NGX_SSL_BUFSIZE, and with the special buffer at the end. In practice such cases resulted in premature connection close and critical error "SSL_write() failed (SSL:)" in the error log.
author Valentin Bartenev <vbart@nginx.com>
date Mon, 28 Jan 2013 15:40:25 +0000
parents 674f8739e443
children 70a35b7b63ea
files src/event/ngx_event_openssl.c
diffstat 1 files changed, 6 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1213,6 +1213,12 @@ ngx_ssl_send_chain(ngx_connection_t *c, 
 
         size = buf->last - buf->pos;
 
+        if (size == 0) {
+            buf->flush = 0;
+            c->buffered &= ~NGX_SSL_BUFFERED;
+            return in;
+        }
+
         n = ngx_ssl_write(c, buf->pos, size);
 
         if (n == NGX_ERROR) {